How to use the regipy.utils.convert_wintime function in regipy

To help you get started, we’ve selected a few regipy examples, based on popular ways it is used in public projects.


github mkorman90 / regipy / regipy / plugins / amcache / amcache.py View on Github external
content = entry.pop(k, None)
            if content:
                entry[v] = content

        if 'sha1' in entry:
            entry['sha1'] = entry['sha1'][4:]

        if 'file_id' in entry:
            entry['file_id'] = entry['file_id'][4:]
            if 'sha1' not in entry:
                entry['sha1'] = entry['file_id']

        if 'program_id' in entry:
            entry['program_id'] = entry['program_id'][4:]

        entry['timestamp'] = convert_wintime(subkey.header.last_modified, as_json=self.as_json)

        if 'size' in entry:
            entry['size'] = int(entry['size'], 16) if isinstance(entry['size'], str) else entry['size']

        is_pefile = entry.get('is_pe_file')
        if is_pefile is not None:
            entry['is_pe_file'] = bool(is_pefile)

        is_os_component = entry.get('is_os_component')
        if is_os_component is not None:
            entry['is_os_component'] = bool(is_os_component)

        if entry.get('link_date') == 0:
            entry.pop('link_date')

        for ts_field_name in WIN8_TS_FIELDS:
github mkorman90 / regipy / regipy / plugins / ntuser / installed_programs_ntuser.py View on Github external
def _get_installed_software(self, subkey_path):
        try:
            uninstall_sk = self.registry_hive.get_key(subkey_path)
        except RegistryKeyNotFoundException as ex:
            logger.error(ex)
            return

        for installed_program in uninstall_sk.iter_subkeys():
            values = {underscore(x.name): x.value for x in
                      installed_program.iter_values(as_json=self.as_json)} if installed_program.values_count else {}
            self.entries.append({
                'service_name': installed_program.name,
                'timestamp': convert_wintime(installed_program.header.last_modified, as_json=self.as_json),
                'registry_path': subkey_path,
                **values
github mkorman90 / regipy / regipy / regdiff.py View on Github external
def get_timestamp_for_subkeys(registry_hive, subkey_list):
    """Lazily yield ``(subkey_path, timestamp)`` pairs for the given key paths.

    Each timestamp is the ``last_modified`` field of the key's header, passed
    through ``convert_wintime`` with ``as_json=True`` (presumably a serialisable
    string form; confirm against ``regipy.utils``).

    The value describes the key as a whole, so it is evidence that the key
    changed, not of which value changed. Errors raised by
    ``registry_hive.get_key`` are not handled here; because this is a
    generator they reach the caller during iteration, not at call time.
    """
    for path in subkey_list:
        # Look the key up once and read only the header field that is needed.
        last_modified = registry_hive.get_key(path).header.last_modified
        yield path, convert_wintime(last_modified, as_json=True)
github mkorman90 / regipy / regipy / plugins / system / computer_name.py View on Github external
def run(self):
        """Append the ComputerName value and key timestamp for each control set.

        Iterates over the paths returned by
        ``registry_hive.get_control_sets(COMPUTER_NAME_PATH)`` and appends one
        ``{'name', 'timestamp'}`` dict per path to ``self.entries``. The
        timestamp is the key header's ``last_modified`` field converted with
        ``convert_wintime``.

        A path whose key has no ``ComputerName`` value is skipped without a log
        line, so an absent entry in the output does not by itself show that the
        control set is missing from the hive.
        """
        logger.info('Started Computer Name Plugin...')

        hive = self.registry_hive
        for control_set_path in hive.get_control_sets(COMPUTER_NAME_PATH):
            key = hive.get_key(control_set_path)

            try:
                record = {
                    'name': key.get_value('ComputerName', as_json=self.as_json),
                    'timestamp': convert_wintime(key.header.last_modified, as_json=self.as_json)
                }
                self.entries.append(record)
            except RegistryValueNotFoundException:
                # Best effort: move on to the next control set.
                continue
github mkorman90 / regipy / regipy / plugins / software / profilelist.py View on Github external
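def run(self):
        """Append one entry per subkey of the profile list key to ``self.entries``.

        Each entry carries the subkey name as ``sid``, the subkey header's
        ``last_modified`` time converted with ``convert_wintime`` as
        ``last_write``, the raw ``ProfileImagePath``, ``Flags``, ``FullProfile``
        and ``State`` values, and two load times built by ``convert_filetime``
        from the corresponding Low/High value pairs.

        If the hive has no key at ``PROFILE_LIST_KEY_PATH`` the error is logged
        and the method returns without adding entries.
        """
        logger.info('Started profile list plugin...')
        try:
            subkey = self.registry_hive.get_key(PROFILE_LIST_KEY_PATH)
        except RegistryKeyNotFoundException as ex:
            logger.error(ex)
            # Stop here: `subkey` was never bound, so falling through to the
            # loop would raise UnboundLocalError and abort the plugin on any
            # hive that lacks this key (wrong hive type, damaged hive).
            return

        for profile in subkey.iter_subkeys():
            # NOTE(review): the get_value() calls below are unguarded. If
            # get_value raises for a missing value, one incomplete profile
            # subkey ends the whole run; confirm its behaviour and that
            # convert_filetime accepts missing Low/High parts.
            self.entries.append({
                'last_write': convert_wintime(profile.header.last_modified, as_json=self.as_json),
                'path': profile.get_value('ProfileImagePath'),
                'flags': profile.get_value('Flags'),
                'full_profile': profile.get_value('FullProfile'),
                'state': profile.get_value('State'),
                'sid': profile.name,
                'load_time': convert_filetime(profile.get_value('ProfileLoadTimeLow'), profile.get_value('ProfileLoadTimeHigh')),
                'local_load_time': convert_filetime(profile.get_value('LocalProfileLoadTimeLow'), profile.get_value('LocalProfileLoadTimeHigh'))
            })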
github mkorman90 / regipy / regipy / plugins / software / installed_programs.py View on Github external
def _get_installed_software(self, subkey_path):
        try:
            uninstall_sk = self.registry_hive.get_key(subkey_path)
        except RegistryKeyNotFoundException as ex:
            logger.error(ex)
            return

        for installed_program in uninstall_sk.iter_subkeys():
            values = {underscore(x.name): x.value for x in
                      installed_program.iter_values(as_json=self.as_json)} if installed_program.values_count else {}
            self.entries.append({
                'service_name': installed_program.name,
                'timestamp': convert_wintime(installed_program.header.last_modified, as_json=self.as_json),
                'registry_path': subkey_path,
                **values
github mkorman90 / regipy / regipy / plugins / amcache / amcache.py View on Github external
is_pefile = entry.get('is_pe_file')
        if is_pefile is not None:
            entry['is_pe_file'] = bool(is_pefile)

        is_os_component = entry.get('is_os_component')
        if is_os_component is not None:
            entry['is_os_component'] = bool(is_os_component)

        if entry.get('link_date') == 0:
            entry.pop('link_date')

        for ts_field_name in WIN8_TS_FIELDS:
            ts = entry.pop(ts_field_name, None)
            if ts:
                entry[ts_field_name] = convert_wintime(ts, as_json=self.as_json)

        self.entries.append(entry)